pages tagged netsecfailhttp://misc.branchable.com/tags/netsecfail/
.miscbad security advice: Steve Gibson's password haystackshttp://misc.branchable.com/posts/bad_security_advice:_Steve_Gibson__39__s_password_haystacks/http://misc.branchable.com/posts/bad_security_advice:_Steve_Gibson__39__s_password_haystacks/
netsecfailsecurityThu, 02 Jun 2011 14:30:05 +00002011-11-26T18:48:18Z<p>Steve Gibson is recommending <a href="https://www.grc.com/haystack.htm" title="GRC, Gibson Research Corporation">long, low-entropy passwords</a>. This can give an advantage of convenience only in the short term. If there is a significant advantage to the password user, attackers will optimize for this type of low-entropy password by changing the search order.</p>
<p>Gibson implies in his reasoning that short passwords will be tried first. The efficient way to crack passwords is to try them roughly in the order of <strong>increasing entropy, not length</strong>. Increasing length is conventional, not essential.</p>
<p>Any gain in convenience you get by using long passwords with low entropy is lost when the attack methods change. Attackers adopt heuristics to target patterns in passwords, and you're back to relying on entropy. At that point, Gibson's approach just means uselessly typing more characters. <strong>The convenience gain is reversed</strong>.</p>
<p>Any public recommendation of a low entropy scheme, at any level of detail, is self-defeating. The more it's adopted, the faster it weakens relative to entropy.</p>
<p>Worse, if you were really getting the benefit of convenience by assuming dumb lexical order brute force attacks and using lower entropy than you should, you have to change your passwords to compensate for the loss of safety as the attack methods are adjusted to neutralize the length advantage.</p>
<p>Worse still, Steve Gibson is recommending low entropy for <strong>encryption keys</strong>, for example in WPA2 wireless encryption. When you use encryption for wireless transmission, you intentionally expose the cyphertext immediately, expecting it to be stored by keen attackers, and to be safe for some required period according to the strength of the key. In the long term, only the entropy of your key can reliably slow down decryption attempts. By the time you realize your key isn't as strong as you were led to believe, it's too late to change it. Your attacker already has your weakly encrypted data.</p>
<p>at technophobe: <a href="http://technophobe.net/haystack/">bad security advice: Steve Gibson's password haystacks</a></p>
/posts/bad_security_advice:_Steve_Gibson__39__s_password_haystacks/#comments